With all the news and information coming out of BlackHat 2010 , DefCon 18, BSides Las Vegas and not to forget WikiLeaks these past days the announcement of the first user certification for cloud security didn’t get much of the attention it probably deserved. The Cloud Security Alliance, in cooperation with the European Network and Information […]
The National Institute for Standards and Technology is currently working on a new Special Publication (800-125) that deals security concerns around virtualization technology. The paper is currently released as draft for comment and public feedback is requested until August 13th 2010 as described below. “NIST requests comments on draft SP 800-125 by August 13, 2010. […]
I couldn’t really say that the whole conversation around security and compliance ever calmed down much but I seem to hear people talking about it a lot recently. On the one side there are the security vendors who see it as an opportunity to justify budget requests for whatever solution they try to sell; and […]
Someone recently approached me asking for advice on how to configure antivirus on virtualized endpoints as they received complains about poor performance on their infrastructure. After I got very briefly excited that the request would give me a chance to discuss hypervisor based malware protection it turns out that the only option at this point […]
I think the announcement of this little gem got lost somewhat in the news around InfoSec Europe. The CloudSecurityAlliance released the Cloud Controls Matrix on the 27th April during the InfoSec Europe event in London/UK. As the press release states “The CSA Cloud Controls Matrix contains 98 controls, identified as being applicable to cloud providers, […]